RhoSysAdmin

asked on 

Concerns if raising functional levels for domain/forest that includes RODC in DMZ?

We want to raise the functional levels for our current single domain forest now that all DCs are running 2008 R2 or higher. My only concern is a new RODC we added in an isolated subnet that can only talk to one of my DCs (and it's not the one that's the FSMO role holder). We have a small network, so all the FSMO roles are on our one primary DC.

We have a colocation facility that has another DC, and that's where the RODC is located. Communication to the RODC is restricted to just this "colo" DC.

Will I have any issues with my RODC if I raise the domain and forest functional levels from my primary DC in our main office?

I ask b/c I see repadmin errors (error 58)  when running repadmin from my primary DC b/c it cannot see the RODC.

Any advice is greatly appreciated!
Active Directory, Domain Controller, Windows Server 2008

Mal Osborne

Are you raising the domain and forest functional levels from 2008 to 2008R2? If so, you have the option of rolling back if there are problems (assuming the AD recycle bin has not been enabled).
Cliff Galiher

You can raise functional levels without issue. Unrelated though, you should adjust your topology so each DC accurately knows which others it can reach.
RhoSysAdmin

ASKER

When I run "repadmin /showrepl *" from my colo DC (which is the only DC allowed to talk to the RODC - which lives in a DMZ), I don't see any errors.

I configured the sites and site links so the DMZ'd RODC will only talk to the COLO'd DC.  It was by design.  There are firewalls in place to further protect this arrangement.

I don't know why the "repadmin /showrepl *" tries to check against the RODC when run from my main office site. Should I use a different syntax?
Shaun Vermaak

* means all DCs
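
Following on from the answer above, an added example (not part of the original thread) that runs `repadmin /showrepl` by name against only the DCs reachable from the machine it runs on, and lists the rest, such as a firewalled DMZ RODC, so they can be checked from the DC that is allowed to reach them. The helper name `Test-TcpPort`, the port 135 probe and the 2-second timeout are assumptions chosen for illustration.

```powershell
# Added example, not from the thread. Needs the ActiveDirectory module and repadmin
# (present on a DC or on a host with the AD DS administration tools installed).
Import-Module ActiveDirectory

# Hypothetical helper: TCP connect with a timeout, so a firewalled DC fails fast.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port = 135, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Split the domain's DCs into those this host can reach and those it cannot.
# Port 135 is the RPC endpoint mapper; an open 135 does not prove the dynamic
# RPC ports are open too, so a "reachable" DC can still return a repadmin error.
$reachable = @()
$skipped   = @()
foreach ($dc in Get-ADDomainController -Filter *) {
    if (Test-TcpPort -ComputerName $dc.HostName) { $reachable += $dc }
    else                                         { $skipped   += $dc }
}

# Name each DC explicitly instead of passing "*", and keep only inbound
# partners that report at least one failure.
$failures = foreach ($dc in $reachable) {
    repadmin /showrepl $dc.HostName /csv | ConvertFrom-Csv |
        Where-Object { ($_.'Number of Failures' -as [int]) -gt 0 }
}

Write-Host "Replication failures on reachable DCs:"
$failures | Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
    'Number of Failures', 'Last Failure Status' | Format-Table -AutoSize | Out-String

Write-Host "Not reachable from $env:COMPUTERNAME (check from a DC that can reach them):"
$skipped | Select-Object HostName, Site, IsReadOnly | Format-Table -AutoSize | Out-String
```

A DC that appears in the second list by design, as the DMZ RODC does here, is expected output rather than a replication fault; an unexpected entry in that list is the thing to investigate.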